China Travel

Security checks across malware telemetry and agentic risk

Overview

This is a text-only China travel guide with some VPN advice, but no hidden code, persistence, or authority to operate accounts or make payments.

Install if you want a China travel checklist and reference guide. Treat its payment, visa, and VPN sections as general guidance only: verify current official rules, use lawful network options in your location, and do not share passport, card, or verification-code details with an agent unless you intentionally choose to.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The guide explicitly advises users to use a VPN to receive verification codes, which promotes bypass-oriented behavior unrelated to neutral travel assistance. In the context of a travel/payment skill, this can steer users toward circumvention practices that may violate local rules, create compliance issues, or expose them to unsafe third-party VPN tools.

Context-Inappropriate Capability

Low

Confidence: 91% confidence
Finding: Including a VPN recommendation ('自行准备') introduces censorship/circumvention tooling into a payment and transport guide where it is not necessary for core task completion. Even without operational detail, normalizing VPN use in this context broadens the skill beyond legitimate travel logistics and may encourage users toward legally or operationally risky behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal